VHR20250708 - July 8, 2025

The Mandiant Intelligence Validation Research Team (VRT) has published VHR20250708 - Content Expansion. This content pack requires Director version 4.12.1.0-0 or higher.

If you’ve enabled the Content Service, this content pack will automatically download and be applied to your Director. Otherwise, you can download the security content pack from the Mandiant Documentation Portal.

Summary of Changes

• 3 Actions added
• 1 File added

Release Highlights

• New Action covering CVE-2025-22457, a Stack-based Buffer Overflow vulnerability in Ivanti Connect Secure, exploited by suspected China-nexus actors UNC4936 and UNC5221.
• New Action covering CVE-2025-5777, an Out-of-bounds Read vulnerability in Citrix NetScaler that allows for security bypass.
• New Action covering CVE-2025-6543, a memory overflow vulnerability in Citrix NetScaler ADC and Gateway that allows remote code execution and has been exploited in the wild.

For full details on this release, see the Release Notes on the Mandiant Documentation Portal.